Vulnerabilities > PHP Jackknife
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-04 | CVE-2007-3002 | Input Validation vulnerability in PHP Jackknife PHP Jackknife 2.21 PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. | 5.0 |
| 2007-06-04 | CVE-2007-3001 | Cross-Site Scripting vulnerability in PHP Jackknife PHP Jackknife 2.21 Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239. network php-jackknife | 4.3 |
| 2007-06-04 | CVE-2007-3000 | Input Validation vulnerability in PHP Jackknife PHP Jackknife 2.21 Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php. | 7.5 |
| 2005-12-14 | CVE-2005-4239 | Cross-Site Scripting vulnerability in PHP JackKnife Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter. network php-jackknife | 4.3 |